Smartphone users at greater risk

Smartphones are becoming attractive targets for hackers and producers of malicious software because many of the devices contain a wealth of sensitive personal and financial information

By
DAVE LARSEN
Dayton (Ohio) Daily News

April 5, 2012 — 4:41pm

Seth Wenig, Associated Press - ApRobert Drayton uses his smartphone to help him find the right gifts and compare prices at Toys R Us in New York, Monday, Nov. 28, 2011. Shoppers seem to be just as enthusiastic about shopping on their computers and smartphones on Cyber Monday as they were about finding deals over the Black Friday weekend.

Smartphones are becoming attractive targets for hackers and producers of malicious software because many of the devices contain a wealth of sensitive personal and financial information, experts said.

Seven percent of smartphone owners were victims of identity fraud in 2011, a one-third higher incidence rate compared to the general public, according to a recent survey by Javelin Strategy and Research.

The increased risk is attributable in part to consumer behavior. The survey found that 62 percent of smartphone owners don't use a password on their home screen, enabling anyone to access their information if the phone is lost. The survey also found that 32 percent save login information on their devices.

More than 1 billion people worldwide are expected to own smartphones by 2016, according to Forrester Research. In the U.S. alone, consumers will own 257 million smartphones and 126 million tablet computers.

Smartphones often contain people's banking data, contact information, work and personal email accounts, and family photos, making them a "wonderful target" for hackers, said Vikram Sethi, director of the Wright State University Institute of Defense Studies and Education.

Consumers tend to think their mobile devices are safer from break-ins than desktop computers, but many people fail to update their operating system or run security software on their smartphones, Sethi said.

"That leaves these devices actually more vulnerable than any other type of environment," he said.

Mobile banking applications that allow users to quickly send money from their handheld device carry more information about the individual user and financial transactions than most home computers, which tend to be more secure, Sethi said.

"I think we are just seeing the tip of the iceberg with the vulnerabilities in mobile media," he said.

More than $1 million was stolen from users of Android-based smartphones in 2011 through malicious software, or "malware," that made fraudulent charges to users' phone bills, according to Lookout Mobile Security, a San Francisco company that develops anti-malware applications for the Android and iPhone markets.

Unlike PC-based malware, where a hacker must steal bank or credit card credentials and then find a way to access the accounts, the "GGTracker" mobile threat discovered in June exploited smartphones' ability to charge user accounts through premium-rate text messages, like those used to purchase mobile ring tones or game tokens.

"Because it is a direct line to your billing, hackers are actually using that as a mechanism to charge people unknowingly," said Alicia diVittorio, a Lookout mobile safety advocate.

Malware and viruses are being repackaged in apps that appear legitimate, as well as in malicious in-app and Web advertisements.

Malware aimed at the Android operating system surged to 13,000 samples at the end of 2011 from only 400 in June, according to a Juniper Networks study released in February. Malicious apps on the iPhone platform are limited because of Apple's closed applications market and stringent screening model, but iPhone users also should use security precautions.

"The threats are different to the two platforms, but they are both software systems and every software system has inherent vulnerabilities," diVittorio said. Operating system updates are important because they often fix security flaws, she said.

Like PCs, smartphones are vulnerable to Web-based threats such as "phishing" scams, which attempt to trick users into entering personal details into a fake website that looks legitimate. Such threats can be difficult to spot on a smartphone because of the smaller screen size.

"People are three times more likely to succumb to a phishing threat on their phone than their PC," diVittorio said.

Using a free, public wireless network for private transactions such as credit card purchases or mobile banking can put your personal data at risk, Sethi said. Unsecured Wi-Fi networks are fine for general Web surfing but shouldn't be used for password-protected sites.

"Those types of lapses cause long-term harm as a consequence of the mobile environment," Sethi said.

Nationally, overall identity fraud incidents rose 13 percent to 11.6 million people in 2011, but the dollar amount stolen remained steady, according to the Javelin study. The company in October 2011 conducted an address-based survey of 5,022 U.S. consumers to identify the impact of fraud.